
APK injection, recompiling android manifest

What I'd like to achieve

Decompile the AndroidManifest.xml packaged in an apk from binary form into a normal xml file, edit it, and recompile it back into a binary file acceptable for the apk. Basically, I need a driver for AXML files.

Short background

I'm working on an APK injection project. My goal is

  1. Disassemble the dalvik binary
  2. Read the AndroidManifest xml and add modifications to it, such as changing the main activity and adding permissions
  3. Rebuild and sign the apk file

I use apktool for assembling and disassembling the apk. However, apktool works only with the --no-res option; if the apk is disassembled with resources, it cannot be built back. Here's a github issue describing this bug.

The problem

Since I disassemble with apktool d --no-res app-debug.apk (with the no-res flag), the generated Android manifest comes in binary form. I can disassemble the manifest using apktool, but I cannot assemble it back.

What I want to be able to do

I need to either:

  • Find a way to disassemble the manifest and then assemble it back into binary form
  • Find a way to use apktool with resources

What I have tried so far

  • Replacing the binary AndroidManifest.xml with plain-text version and then build. The apktool would build. However the installation of the app to device fails with "Parse error there is a problem while parsing the package".
  • Using different versions of apktool : v2.3.2, v2.3.1, v2.3.0, v2.2.0, v2.2.1, v2.2.2
  • Compiling axml using following projects: https://github.com/rednaga/axmlprinter ; https://github.com/ZaratustraN/axml-parser ; https://github.com/shazam/axmlparser

Disclaimer

Although stackoverflow is a community for knowledge sharing, and not judging what it's used for - I see a lot of people picking on others in similar questions with accusations for illegal activities.

What I'm doing is absolutely legal and will not be used to exploit anyone.

Ben asked Apr 19 '18 22:04



2 Answers

Installation can give a parse error under the following conditions; see if any of them applies to you:

  • The name of the package was changed after signing: use the exact name that the signed package has (instead, adjust the name in the Manifest).
  • The package is compiled against a higher API level: correct the API level in the Manifest file.
  • The package is executed from the SD card: run (install) the apk file from the phone's memory, or use the adb command to install it.

You can manually sign your apk as given here.

karanatwal.github.io answered Oct 20 '22 01:10


The only reliable way I found to repackage the application with a plain-text Android manifest is by repacking it using aapt directly.

aapt package -f -M ./AndroidManifest.xml -S res1/ -S res2/ ... -I android.jar -F MyProject.apk.unaligned 

To create the apk, and then :

aapt add -f MyProject.apk.unaligned classes.dex 

To add compiled sources to the package.

Then using jarsigner to sign the package:

jarsigner -storepass <keystore password> -keystore <keystore filename> MyProject.apk.unaligned <key name> 

Ben answered Oct 19 '22 23:10
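
Android's installer expects AndroidManifest.xml in compiled binary form (AXML), which is why the plain-text replacement described in the question fails to parse while the aapt route in the answer above does not. The following check is an added example, not code from the original posts: it reports which form an APK's manifest is in before installation. The function names and the sample bytes are constructed for illustration.

```python
import io
import struct
import zipfile

RES_XML_TYPE = 0x0003          # chunk type of a compiled (binary) XML document
RES_STRING_POOL_TYPE = 0x0001  # first inner chunk of a well-formed AXML file


def classify_manifest(data: bytes) -> str:
    """Classify manifest bytes as plain-text-xml, binary-axml, malformed-axml or unknown."""
    if data.lstrip(b"\xef\xbb\xbf \t\r\n").startswith(b"<"):
        return "plain-text-xml"  # editor or decoder output, not compiled
    if len(data) < 16:
        return "unknown"
    # ResChunk_header: uint16 type, uint16 headerSize, uint32 size (little-endian)
    ctype, header_size, size = struct.unpack_from("<HHI", data, 0)
    if ctype != RES_XML_TYPE or header_size != 8:
        return "unknown"
    (inner_type,) = struct.unpack_from("<H", data, 8)
    if size > len(data) or inner_type != RES_STRING_POOL_TYPE:
        return "malformed-axml"  # truncated, or no string pool after the header
    return "binary-axml"


def check_apk(apk) -> str:
    """Classify the AndroidManifest.xml entry of an APK (path or file object)."""
    with zipfile.ZipFile(apk) as zf:
        try:
            return classify_manifest(zf.read("AndroidManifest.xml"))
        except KeyError:
            return "missing"


def make_apk(manifest: bytes) -> io.BytesIO:
    """Build a constructed in-memory archive that holds only the manifest."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", manifest)
    buf.seek(0)
    return buf


# Constructed samples: AXML header plus an empty string pool, and a text manifest.
SAMPLE_AXML = struct.pack("<HHI", RES_XML_TYPE, 8, 36) + struct.pack(
    "<HHIIIIII", RES_STRING_POOL_TYPE, 28, 28, 0, 0, 0, 0, 0)
SAMPLE_TEXT = b'<?xml version="1.0"?>\n<manifest package="com.example.app"/>'

if __name__ == "__main__":
    for label, blob in (("binary", SAMPLE_AXML), ("text", SAMPLE_TEXT)):
        print(label, "->", check_apk(make_apk(blob)))
```

A result of plain-text-xml on a rebuilt APK means the manifest was copied in uncompiled and still has to go through a packaging step such as the aapt package command above.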